Virus and Spyware Removal Guides, uninstall instructions

What kind of page is allactualspot[.]com?

Our research team discovered the allactualspot[.]com rogue webpage while investigating untrustworthy websites. It pushes browser notification spam and redirects users to different (likely dubious/malicious) sites. Most users access pages like allactualspot[.]com via redirects caused by websites using rogue advertising networks.

What is Whiteboard New Tab?

Whiteboard New Tab is a rogue browser extension that our researchers discovered while inspecting suspicious websites. It is presented as a tool that allows the user to draw/write on a new browser tab. However, Whiteboard New Tab also operates as a browser hijacker, i.e., makes changes to browser settings in order to cause redirects to the find.asrcforit.com fake search engine.

What is RansomBoggs ransomware?

RansomBoggs, also known as Sullivan, is a ransomware-type program. Malware within this classification encrypts data and makes ransom demands for the decryption (i.e., file recovery).

After being launched on our testing system, this ransomware encrypted files and appended their names with a ".chsch" extension. For example, an original filename such as "1.jpg" appeared as "1.jpg.chsch", "2.png" as "2.png.chsch", and so forth.

Once this process was completed, RansomBoggs created a ransom note titled "SullivanDecryptsYourFiles.txt", which made multiple references to the animated movie Monsters, Inc. and one of its main characters - James P. "Sulley" Sullivan.

It is pertinent to mention that RansomBoggs ransomware has been used in attacks against various Ukrainian organizations.

What is HBM ransomware?

HBM is the name of a ransomware-type program designed to encrypt data and demand payment for the decryption. This malicious program is part of the Dharma ransomware family.

Once a sample of HBM was executed on our test machine, it began encrypting files and altering their filenames. Original titles were appended with a unique ID assigned to the victim, the cyber criminals' email address, and a ".HBM" extension. For example, a file initially named "1.jpg" appeared as "1.jpg.id-1E857D00.[hebem@cock.li].HBM".

Afterwards, ransom-demanding messages were created; one was presented in a pop-up window, and the other - a text file titled "info.txt" - was dropped onto the desktop.

What kind of application is Cities HD Backgrounds in Your New Tab?

We tested the Cities HD Backgrounds in Your New Tab application and found that it operates as a browser hijacker. It promotes a fake search engine (spntextension.com) by changing the web browser's settings. We discovered Cities HD Backgrounds in Your New Tab browser extension on a deceptive web page.

What kind of email is "Microsoft Request Verification"?

It is a scam email created to steal login information. It is disguised as a letter from Microsoft regarding account verification. It contains a link to a phishing page (a fake login website). This scam email should be marked as spam and deleted.

What is InputView?

InputView is a rogue application that our researchers discovered while investigating new submissions to VirusTotal. After inspecting this app, we determined that it is adware belonging to the AdLoad malware family.

What kind of malware is WASP?

WASP (W4SP) is the name of an information-stealing malware that steals victims' passwords, credit card details, Discord accounts, cryptocurrency wallets, and personal files and sends them to the threat actor. It sends stolen data via a Discord webhook address. WASP has been observed being sold to cybercriminals for $20.

What is Kevin ransomware?

While inspecting new malware submissions to VirusTotal, our research team discovered the Kevin ransomware. Malicious software within this classification operates by encrypting data in order to make ransom demands for the decryption keys/tools.

When we executed a sample of Kevin ransomware on our test machine, it began encrypting files and altered their titles. Original filenames were appended with the attackers' email address and a ".kevin" extension, e.g., a file initially titled "1.jpg" appeared as "1.jpg.[homealone@msgden.net].kevin", and so on for all of the affected files. Afterward, a ransom note - "ReadNe_kevin.txt" - was dropped onto the desktop.

What kind of email is "Daily Quarantined Message Report"?

Our analysis of the "Daily Quarantined Message Report" email revealed that it is spam. Letters belonging to this campaign are presented as genuine reports concerning recipients' inboxes. This spam mail aims to steal email accounts by promoting a phishing website.